Policy Templates

Pre-configured device configuration templates for rapid deployment of security baselines, compliance policies, and configuration profiles. Standardize device management across tenants with reusable templates.

Template Categories

Security Baselines

Microsoft-recommended security settings based on best practices and industry standards.

• Windows Security Baseline
• Microsoft Edge Baseline
• Microsoft 365 Apps Baseline
• Defender for Endpoint Baseline

Compliance Policies

Define requirements devices must meet to be considered compliant for Conditional Access.

• Basic Security (all platforms)
• Enhanced Security (corporate devices)
• BYOD Compliance
• Kiosk/Shared Device

Configuration Profiles

Device settings and restrictions for various scenarios and use cases.

• Standard Workstation
• Kiosk Mode
• Frontline Worker
• Developer Workstation

App Protection

MAM policies for protecting corporate data within managed applications.

• Standard MAM (iOS/Android)
• Strict Data Protection
• BYOD App Policy
• Contractor Access

Available Templates

Windows Security Baseline

Recommended security settings based on Microsoft security guidance:

Device Security

• BitLocker encryption required
• Secure Boot enabled
• Firewall enabled on all profiles
• Credential Guard enabled

User Security

• Windows Hello for Business
• Password complexity requirements
• Account lockout after 10 attempts
• Screen lock after 5 minutes

Defender Settings

• Real-time protection enabled
• Cloud-delivered protection
• Network protection enabled
• PUA protection enabled

Network Security

• SMBv1 disabled
• TLS 1.2+ required
• NetBIOS disabled
• LLMNR disabled

Compliance Template Builder

To build a compliance template:

1. Template Name — Give the template a descriptive name (e.g., “Corporate Windows Compliance”)
2. Platform — Select the target platform (Windows 10/11, macOS, iOS/iPadOS, Android Enterprise)
3. Device Health — Configure requirements (Require BitLocker, Require Secure Boot, Require code integrity)
4. Device Properties — Set minimum and maximum OS version constraints
5. System Security — Enable password required, minimum password length, firewall required, antivirus required

Template Deployment

1. Select Template — Choose or create a template
2. Select Tenants — Choose target tenants
3. Customize — Adjust settings if needed
4. Deploy — Push to tenants

Template Versioning

Track changes to templates with version history:

• v2.0 (Current) — Added Credential Guard requirement, Jan 15, 2024
• v1.5 — Updated password complexity, Dec 10, 2023
• v1.0 — Initial release, Nov 1, 2023

API Reference

• GET /api/devices/policy-templates — List all policy templates
• POST /api/devices/policy-templates — Create new template
• POST /api/devices/policy-templates/:id/deploy — Deploy template to tenants
• GET /api/devices/policy-templates/:id/versions — Get template version history
• GET /api/devices/policy-templates/:id/deployments — Get deployment status